Algebraic and Slide Attacks on KeeLoq

  • Nicolas T. Courtois
  • Gregory V. Bard
  • David Wagner
Conference paper

DOI: 10.1007/978-3-540-71039-4_6

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5086)
Cite this paper as:
Courtois N.T., Bard G.V., Wagner D. (2008) Algebraic and Slide Attacks on KeeLoq. In: Nyberg K. (eds) Fast Software Encryption. FSE 2008. Lecture Notes in Computer Science, vol 5086. Springer, Berlin, Heidelberg


KeeLoq is a block cipher used in wireless devices that unlock the doors and alarms in cars manufactured by Chrysler, Daewoo, Fiat, GM, Honda, Jaguar, Toyota, Volvo, Volkswagen, etc [8,9,33,34]. KeeLoq is inexpensive to implement and economical in gate count, yet according to Microchip [33] it should have “a level of security comparable to DES”.

In this paper we present several distinct attacks on KeeLoq, each of them is interesting for different reasons. First we show that when about 232 known plaintexts are available, KeeLoq is very weak and for example for 30% of all keys the full key can be recovered with complexity of 228 KeeLoq encryptions. Then we turn our attention to algebraic attacks with the major challenge of breaking KeeLoq given potentially a very small number of known plaintexts.

Our best “direct” algebraic attack can break up to 160 rounds of KeeLoq. Much better results are achieved in combination with slide attacks. Given about 216 known plaintexts, we present a slide-algebraic attack that uses a SAT solver with the complexity equivalent to about 253 KeeLoq encryptions. To the best of our knowledge, this is the first time that a full-round real-life block cipher is broken using an algebraic attack.


block ciphers unbalanced Feistel ciphers slide attacks algebraic cryptanalysis Gröbner bases SAT solvers KeeLoq 
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Nicolas T. Courtois
    • 1
  • Gregory V. Bard
    • 2
  • David Wagner
    • 3
  1. 1.University College LondonLondonUK
  2. 2.Fordham UniversityNYUSA
  3. 3.University of California - BerkeleyBerkeleyUSA

Personalised recommendations